name: Base Image Lint

# Any change in triggers needs to be reflected in the concurrency group.
on:
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
  push:
    branches:
      - main
      - ft/main/**

permissions: read-all

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }}
  cancel-in-progress: true

jobs:
  lint:
    name: Lint image build logic
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          persist-credentials: false

      - uses: docker://quay.io/cilium/image-maker:7de7f1c855ce063bdbe57fdfb28599a3ad5ec8f1@sha256:dde8500cbfbb6c41433d376fdfcb3831e2df9cec50cf4f49e8553dc6eba74e72
        name: Run make lint
        with:
          entrypoint: make
          args: -C images lint

      - uses: docker://quay.io/cilium/image-maker:7de7f1c855ce063bdbe57fdfb28599a3ad5ec8f1@sha256:dde8500cbfbb6c41433d376fdfcb3831e2df9cec50cf4f49e8553dc6eba74e72
        name: Check if runtime and builder images are up-to-date
        with:
          entrypoint: make
          args: -C images check-runtime-image check-builder-image

      - name: Check Cilium Envoy image
        run: make -C images check-envoy-image
